Sure, if you can rationalize leaving a billion users vulnerable to anyone who does the same thing you did - potentially very unpleasant people - you might make slightly more money. No argument there.
Replying to @taviso @scriptjunkie1 and
As much as people like to shit on them, the US Gov also is able to save lives thanks to its offensive cyber programs. They aren't angels who do no wrong, but I think they do net positive. I also don't think bad folks use 0days against billions, only very targeted folks
Replying to @tylerni7 @scriptjunkie1 and
That is a dishonest tweet that misrepresents the argument. When you say "It's okay because I only sell exploits to the good guys", the problem is you can't stop bad people finding and exploiting the same bug, and *that's* the problem.
Replying to @taviso @scriptjunkie1 and
I get that 100%, I agree selling exploits to folks that don't report means good people are vulnerable to the same bugs. But going and working in an unrelated area (not bug bounties, not p0, not selling to brokers) still leaves bad people able to find those bugs.
I do hope that what most of us do pushes everyone in the right direction to be "more secure". *But* I also think the US Gov and others have legit uses for 0days, and that espionage saves lives. I think it's unfair to paint everyone who agrees with that as unethical.
Replying to @tylerni7 @scriptjunkie1 and
Here's the problem with that argument, the government has effectively unlimited resources. They can literally drop people with guns out of helicopters. It is not necessary to put innocent people in harm's way, there are other options to achieve the same goals.
Replying to @taviso @scriptjunkie1 and
Without good intelligence, they don't know where to drop those people out of the helicopters. People also generally prefer to not involve shooting except as a last resort, and I think that's a good thing.
Replying to @tylerni7 @scriptjunkie1 and
You're not discussing this in good faith, I cannot enumerate all the things that the military can do in a tweet dude. There are other options available to the military other than exploits and shooting people.
I get that you need to rationalize selling exploits to the military. You do that by saying "It's 100% ethical because I only sell to the good guys", and don't think about someone selling the same bug to repressive regimes instead.
Totalitarian governments can just backdoor your device with their own CA and mitm all your comms. If you refuse, you can just be arrested. It's not like the one secret 0-day is making that much of a difference.
If totalitarian governments don't need 0day, then how come they keep getting caught using them, and companies keep getting caught trying to sell to them? I don't buy the "It's just little old me, I can't make a difference" argument, sorry 
I agree 0day is useful, but I think the argument that usgov can find another way applies to repressive governments too. If I found a bug that was used to hurt innocent people, I would feel guilty. I don't know if disclosing it publicly makes it less likely for that to happen.
Right, they can find another way. The reason that's important is because I think it's reasonable to trust the military to competently safeguard equipment from abuse. It is *impossible* to prevent bad actors from finding the same bug, so they cannot prevent it being abused.